InternetNZ calls for NZ to lift its game on privacy
New Zealanders’ privacy is increasingly threatened by breaches online. With people sharing personal information in more places, it’s more important than ever that our 25-year-old privacy law gets the attention it needs as part of the update for the Internet era.
InternetNZ Chief Executive, Jordan Carter, says "Recent data breaches show that New Zealand has to lift its game on privacy protection. There’s currently no law requiring companies like Z Energy, Vector, or LinkedIn to tell New Zealanders if their data has been leaked. The Justice Select Committee needs to take this opportunity to make this Privacy Bill fit for 2018 and beyond. In practical terms, that means working with the suggestions submitters have made, and consulting on new ideas that people have raised.
"A modern privacy law is too urgent to delay, but also too important to risk getting wrong. This Bill has waited five years to get to Select Committee. Taking the time to test new changes is the right thing to do now, to pass this Bill and make it fit for purpose."
There have been more than 165 written submissions. The message across those submissions is clear support for updating and improving New Zealand's privacy law. Submissions have been made by the likes of Bell Gully, Trade Me and Xero.
"This isn’t some niche nerd thing, this is something every New Zealander cares about. The Privacy Bill affects every organisation that serves us - from your daycare centre to your accounting software and your supermarket loyalty card.
"Has your data been included in a breach? There’s no way to tell. My data could have been breached, your data could have been breached. With no law requiring organisations to report these breaches we have no way of knowing and taking steps to protect ourselves," says Carter.
Vector has called for strong measures to lift our Privacy Bill so that it’s fit for the Internet era. The LinkedIn 2012 data breach is still affecting people six years later and has most recently been linked to the "sextortion scandal." The Facebook and Cambridge Analytica case, where people’s personal information was misused to research and influence national election campaigns, is one of a number of examples this year.
In May, Europe’s General Data Protection Regulation (GDPR) came into effect addressing some of the same concerns we’re seeing in New Zealand and across the world.
InternetNZ Policy Director, Ellen Strickland, says "No one who works in the privacy space believes the current privacy law in New Zealand is good for 2018. We urgently need an up-to-date privacy law that is fit for purpose in the Internet age.
"We think it’s great to see so many businesses, organisations and individual New Zealanders engaging to support privacy protections that work in the 21st Century and there are some good ideas in those submissions that deserve to be looked at," says Strickland.
InternetNZ is calling for adjustments to be made to the current Privacy Bill:
1) An urgent review of EU adequacy under GDPR. New Zealand needs to retain our stamp of approval from the EU. Without this, every individual New Zealand company that trades with Europe would have to do its own compliance with EU law, and that would be a big burden.
2) Align breach notifications. The Bill currently requires companies whose data is breached to notify people to let them know they’re affected. We support breach notification but are calling for an approach which follows overseas best practice in line with Australia, Canada and the European Union. This will make it easier for New Zealand businesses who work globally. We don’t want to drown people in notifications but we want them to be meaningful.
Submissions are online for anyone to view. InternetNZ is delivering their oral submission on Thursday 6 September 2018 to the Select Committee.